BLOG: Knock twice for security silliness

Knock creators see typing in a password to unlock a Mac as an inconvenience.

Some ideas change the world, others should never see the light of day. The latter is my take on a new password-replacement app called Knock.

How Knock works Knock creators see typing in a password to unlock a Mac as an inconvenience. Now, if you never considered that task too troublesome, then you are obviously on a different wavelength than the Knock entrepreneurs.

To use Knock you first install the app on your iPhone and Mac. (Sorry Android fans. You get to miss out on the fun). Then, when you walk away from your Mac and return to find it locked, you simply knock twice on your iPhone and voila! Your Mac password is automatically entered and your computer is ready to go.

The iPhone communicates with the Mac over Bluetooth. While that may seem like an iPhone battery drain, the Knock folks say no. That's because the Knock apps communicate over Bluetooth low energy, a wireless technology that uses far less power than standard Bluetooth.

Now you may be wondering whether Knock is secure. The company claims it is, pointing out that the app does not replace the password on the Mac or any of its built in security features. Also, the password is entered over a connection that uses 1024-bit RSA encryption.

While all of that is good, it still doesn't answer the question: Why do you need this? As a parlor trick, the app may entertain for a few minutes, but it really has no useful purpose, other than opening up the possibility of embarrassing situations.

For example, lets say you walk away from your Mac and leave your iPhone sitting beside it. Then your boyfriend or girlfriend, picks up the phone, knocks twice and then discovers you've been visiting a dating site. Life just got ugly.

Keeping the Mac password in your head is more secure then also having it on your iPhone. The Knock app doesn't have a big enough payoff to take additional risk.

AV is back I've said many times that anti-virus software on Android phones is not what's needed for security. Instead, wireless carriers and device manufacturers need to have a pow-wow on getting timely updates to the operating system out to customers. The best defense against hackers is keeping software up to date, but that's not an easy task.

Rather than tackle the tough problem, AT&T has chosen the ineffectual solution of bundling Lookout AV software on new Android smartphones. AT&T has yet to release a list of the phones that will get the bloatware.